Oppo Coloros
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Oppo Coloros.
By the Year
In 2026 there have been 0 vulnerabilities in Oppo Coloros. Last year, in 2025 Coloros had 2 security vulnerabilities published. Right now, Coloros is on track to have less security vulnerabilities in 2026 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 2 | 7.40 |
| 2024 | 0 | 0.00 |
| 2023 | 1 | 9.80 |
| 2022 | 0 | 0.00 |
| 2021 | 1 | 7.80 |
| 2020 | 2 | 0.00 |
It may take a day or so for new Coloros vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Oppo Coloros Security Vulnerabilities
ColorOS App Source Verification Bypass Enables Rogue App Install
CVE-2025-27389
- December 05, 2025
A flaw exists in the verification of application installation sources within ColorOS. Under specific conditions, this issue may cause the risk detection mechanism to fail, which could allow malicious applications to be installed without proper warning.
Authentication Bypass by Spoofing
OPPO Clone Phone WiFi hotspot weak pass leads to Info disclosure
CVE-2025-27387
7.4 - High
- June 23, 2025
OPPO Clone Phone uses a weak password WiFi hotspot to transfer files, resulting in Information disclosure.
Information Disclosure
Command Injection in Mobile Phone Backup App
CVE-2023-26310
9.8 - Critical
- August 09, 2023
There is a command injection problem in the old version of the mobile phone backup app.
Command Injection
ColorOS pregrant dangerous permissions to apps
CVE-2021-23244
7.8 - High
- December 27, 2021
ColorOS pregrant dangerous permissions to apps which are listed in a whitelist xml named default-grant-permissions.But some apps in whitelist is not installed, attacker can disguise app with the same package name to obtain dangerous permission.
Dynamic loading of services in the backup and restore SDK leads to elevated privileges
CVE-2020-11829
- November 19, 2020
Dynamic loading of services in the backup and restore SDK leads to elevated privileges, affected product is com.coloros.codebook V2.0.0_5493e40_200722.
In ColorOS (oppo mobile phone operating system, based on AOSP frameworks/native code position/services/surfaceflinger surfaceflinger.CPP), RGB is defined on the stack but uninitialized, so when the screenShot function to RGB value assignment, will not initialize the value is returned to the attackers, leading to values on the stack information leakage, the vulnerability
CVE-2020-11828
- April 21, 2020
In ColorOS (oppo mobile phone operating system, based on AOSP frameworks/native code position/services/surfaceflinger surfaceflinger.CPP), RGB is defined on the stack but uninitialized, so when the screenShot function to RGB value assignment, will not initialize the value is returned to the attackers, leading to values on the stack information leakage, the vulnerability can be used to bypass attackers ALSR.
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Oppo Coloros or by Oppo? Click the Watch button to subscribe.
